---
- name: modify selinux so that httpd can serve data from NFS shares if needed
  seboolean:
    name: "{{item}}"
    state: yes
    persistent: yes
  when: "'enabled' in ansible_selinux.status"
  with_items:
  # For requesting UserInfo from ipsilon.
  - httpd_execmem
  # For accessing /srv/odcs/
  - httpd_use_nfs
  tags:
  - odcs
  - odcs/frontend
  - selinux

- name: Add apache user to odcs-server group.
  user:
    name: apache
    groups: odcs-server
    append: yes
  notify:
  - reload apache
  tags:
  - odcs
  - odcs/frontend

- name: generate the ODCS Apache config
  template:
    src: etc/httpd/conf.d/odcs.conf.j2
    dest: /etc/httpd/conf.d/odcs.conf
    owner: apache
    group: apache
    mode: 0440
  notify:
  - reload apache
  tags:
  - odcs
  - odcs/frontend

- name: Disable PrivateTmp=true in httpd.service.
  lineinfile:
    path: /usr/lib/systemd/system/httpd.service
    regexp: '^PrivateTmp'
    line: 'PrivateTmp=false'
  notify:
  - reload systemd
  - restart apache
  tags:
  - odcs
  - odcs/frontend

- name: ensure selinux lets httpd talk to postgres
  seboolean: name={{item}} state=yes persistent=yes
  with_items:
  - httpd_can_network_connect_db
  - httpd_can_network_connect
  when: "'enabled' in ansible_selinux.status"
  tags:
  - odcs
  - odcs/frontend
  - selinux

- name: make httpd logs world readable
  file:
    name: /var/log/httpd
    state: directory
    mode: 0755
  tags:
  - odcs
  - odcs/frontend

# This will initialize Alembic if the database is empty, and migrate to the
# latest revision
- name: migrate the database
  command: "{{ item }}"
  with_items:
  - odcs-manager upgradedb
  become: yes
  become_user: odcs-server
  when: odcs_migrate_db
  tags:
  - odcs
  - odcs/frontend


